ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information. ServiceNow deployed an update to hosted instances, and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes.
Metrics
Affected Vendors & Products
References
History
Wed, 27 Nov 2024 20:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:servicenow:servicenow:vancouver:early_availability:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:early_availability_hotfix_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:early_availability_hotfix_2:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_10:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_10_hotfix_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_1_hotfix_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix1a:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_2:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_3:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_3:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_2:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_3:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_4:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_2b:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_5_hotfix_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_6_hotfix_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_6_hotfix_2:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_7:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_1a:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2a:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2b:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_3a:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_3b:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_4:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_2:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_3:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_4:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_5:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_9:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_9_hotfix_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_9_hotfix_2:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_9_hotfix_2a:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_9_hotfix_2b:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_9_hotfix_3a:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:early_availability:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:early_availability_hotfix_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2b:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_3b:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2_hotfix_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2_hotfix_2:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3_hotfix_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3_hotfix_2:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3_hotfix_3:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4_hotfix_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4_hotfix_1a:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4_hotfix_1b:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4_hotfix_2:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5_hotfix_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5_hotfix_2:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5_hotfix_3:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5_hotfix_4:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5_hotfix_5:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5_hotfix_6:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_6:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:xanadu:early_availability:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:xanadu:early_availability_hotfix_1:*:*:*:*:*:* |
Thu, 07 Nov 2024 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:servicenow:servicenow:vancouver:-:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_2:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_1a:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_4:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1a:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1b:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_5:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_6:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_1a:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_1b:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_2a:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_2b:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_8:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:ptach_7:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:-:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2a:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4_hotfix_2a:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:xanadu:-:*:*:*:*:*:* |
Tue, 29 Oct 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Servicenow
Servicenow servicenow |
|
CPEs | cpe:2.3:a:servicenow:servicenow:utah:*:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:*:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:*:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:xanadu:*:*:*:*:*:*:* |
|
Vendors & Products |
Servicenow
Servicenow servicenow |
|
Metrics |
ssvc
|
Tue, 29 Oct 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information. ServiceNow deployed an update to hosted instances, and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes. | |
Title | Unauthenticated Blind SQL Injection in Core Platform | |
Weaknesses | CWE-89 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: SN
Published: 2024-10-29T16:14:38.836Z
Updated: 2024-10-31T03:55:17.683Z
Reserved: 2024-09-16T23:37:01.512Z
Link: CVE-2024-8924
Vulnrichment
Updated: 2024-10-29T19:50:48.982Z
NVD
Status : Analyzed
Published: 2024-10-29T17:15:04.983
Modified: 2024-11-27T19:32:01.823
Link: CVE-2024-8924
Redhat
No data.